[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Nov 27 09:25:25 GMT 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ea9b952d by Salvatore Bonaccorso at 2024-11-27T10:24:52+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15,35 +15,35 @@ CVE-2024-52959 (A Improper Control of Generation of Code ('Code Injection') vuln
 CVE-2024-52958 (A improper verification of cryptographic signature vulnerability in pl ...)
 	NOT-FOR-US: iota C.ai Conversational Platform
 CVE-2024-50942 (qiwen-file v1.4.0 was discovered to contain a SQL injection vulnerabil ...)
-	TODO: check
+	NOT-FOR-US: qiwen-file
 CVE-2024-43784 (lakeFS is an open-source tool that transforms object storage into a Gi ...)
 	TODO: check
 CVE-2024-36467 (An authenticated user with API access (e.g.: user with default User ro ...)
 	TODO: check
 CVE-2024-11820 (A vulnerability, which was classified as problematic, has been found i ...)
-	TODO: check
+	NOT-FOR-US: code-projects Crud Operation System
 CVE-2024-11819 (A vulnerability classified as critical was found in 1000 Projects Port ...)
-	TODO: check
+	NOT-FOR-US: 1000 Projects Portfolio Management System
 CVE-2024-11818 (A vulnerability classified as critical has been found in PHPGurukul Us ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul User Registration & Login and User Management System
 CVE-2024-11817 (A vulnerability was found in PHPGurukul User Registration & Login and  ...)
-	TODO: check
+	NOT-FOR-US: PHPGurukul User Registration & Login and User Management System
 CVE-2024-11745 (A vulnerability was found in Tenda AC8 16.03.34.09 and classified as c ...)
-	TODO: check
+	NOT-FOR-US: Tenda
 CVE-2024-11744 (A vulnerability has been found in 1000 Projects Portfolio Management S ...)
-	TODO: check
+	NOT-FOR-US: 1000 Projects Portfolio Management System MCA
 CVE-2024-11622 (An XML external entity injection (XXE) vulnerability in HPE Insight Re ...)
-	TODO: check
+	NOT-FOR-US: HPE
 CVE-2024-11219 (The Otter Blocks \u2013 Gutenberg Blocks, Page Builder for Gutenberg E ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-11083 (The ProfilePress plugin for WordPress is vulnerable to Sensitive Infor ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10895 (The Counter Up \u2013 Animated Number Counter & Milestone Showcase plu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10580 (The Hustle \u2013 Email Marketing, Lead Generation, Optins, Popups plu ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-10175 (The Pricing Tables For WPBakery Page Builder (formerly Visual Composer ...)
-	TODO: check
+	NOT-FOR-US: WordPress plugin
 CVE-2024-9929 (A vulnerability exists in NSD570 that allows any authenticated user to ...)
 	NOT-FOR-US: Hitachi Energy
 CVE-2024-9928 (A vulnerability exists in NSD570 login panel that does not restrict ex ...)
@@ -156,7 +156,7 @@ CVE-2024-38830 (VMware Aria Operations contains a local privilege escalation vul
 CVE-2024-36463 (The implementation of atob in "Zabbix JS" allows to create a string wi ...)
 	TODO: check
 CVE-2024-32965 (Lobe Chat is an open-source, AI chat framework. Versions of lobe-chat  ...)
-	TODO: check
+	NOT-FOR-US: Lobe Chat
 CVE-2024-22117 (When a URL is added to the map element, it is recorded in the database ...)
 	TODO: check
 CVE-2024-11828 (A denial of service (DoS) condition was discovered in GitLab CE/EE aff ...)
@@ -199910,9 +199910,9 @@ CVE-2022-33864
 CVE-2022-33863
 	RESERVED
 CVE-2022-33862 (IPP software prior to v1.71 is vulnerable to default credential vulner ...)
-	TODO: check
+	NOT-FOR-US: Eaton
 CVE-2022-33861 (IPP software versions prior to v1.71 do not sufficiently verify the au ...)
-	TODO: check
+	NOT-FOR-US: Eaton
 CVE-2022-33860
 	REJECTED
 CVE-2022-33859 (A security vulnerability was discovered in the Eaton Foreseer EPMS sof ...)
@@ -396870,7 +396870,7 @@ CVE-2019-17084
 CVE-2019-17083
 	RESERVED
 CVE-2019-17082 (Missing Authentication for Critical Function vulnerability in OpenText ...)
-	TODO: check
+	NOT-FOR-US: OpenText
 CVE-2019-17081
 	RESERVED
 CVE-2019-17080 (mintinstall (aka Software Manager) 7.9.9 for Linux Mint allows code ex ...)
@@ -466509,9 +466509,9 @@ CVE-2017-18309 (A micro-core of QMP transportation may cause a macro-core to rea
 CVE-2017-18308 (Modem segments are unlocked after authentication, leaving modem segmen ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-18307 (Information disclosure possible while audio playback.)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2017-18306 (Information disclosure due to uninitialized variable.)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2017-18305 (XBL sec mem dump system call allows complete control of EL3 by unlocki ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-18304 (Insufficient memory allocation in boot due to incorrect size being pas ...)
@@ -468021,7 +468021,7 @@ CVE-2018-11924 (Improper buffer length validation in WLAN function can lead to a
 CVE-2018-11923 (Improper buffer length check before copying can lead to integer overfl ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11922 (Wrong configuration in Touch Pal application can collect user behavior ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2018-11921 (Failure condition is not handled properly and the correct error code i ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-11920
@@ -485429,7 +485429,7 @@ CVE-2018-5854 (A stack-based buffer overflow can occur in fastboot from all Andr
 CVE-2018-5853 (A race condition exists in a driver in all Android releases from CAF u ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5852 (An unsigned integer underflow vulnerability in IPA driver result into  ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2018-5851 (Buffer over flow can occur while processing a HTT_T2H_MSG_TYPE_TX_COMP ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2018-5850 (In the function csr_update_fils_params_rso(), insufficient validation  ...)
@@ -520978,7 +520978,7 @@ CVE-2017-11078 (In all android releases(Android for MSM, Firefox OS for MSM, QRD
 CVE-2017-11077
 	RESERVED
 CVE-2017-11076 (On some hardware revisions where VP9 decoding is hardware-accelerated, ...)
-	TODO: check
+	NOT-FOR-US: Qualcomm
 CVE-2017-11075 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with  ...)
 	NOT-FOR-US: Qualcomm components for Android
 CVE-2017-11074 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ea9b952d6129a67eadf920e9506712ed22168ed1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ea9b952d6129a67eadf920e9506712ed22168ed1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241127/e9e406db/attachment.htm>

More information about the debian-security-tracker-commits mailing list